PT-2024-38579 · Ece · Electronic Ticket System

Yağız Bilgili · Published 2024-09-19 · Updated 2024-09-20 · CVE-2024-7785

CVSS v4.0: 9.3 (Critical)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Ece Software Electronic Ticket System versions prior to 2024.08

Description

Improper neutralization of input during web page generation in the Electronic Ticket System allows reflected cross-site scripting (XSS).

Recommendations

For versions prior to 2024.08, update to a version released after 2024.08 to mitigate the risk of reflected XSS. As a temporary workaround, consider restricting user input in web page generation to minimize the risk of exploitation.

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2024-7785

Affected Products

Electronic Ticket System